Break
#2
MyCode
[break]"></iframe><iframe src="http://malicious-site.com/[/break]

Output
<iframe width="464" height="290" src="http://www.break.com/embed/"></iframe><iframe src="http://malicious-site.com/" allowfullscreen="" frameborder="0" scrolling="no"></iframe>

Using (.*?) can allow anything to be accepted, leaving a site vulnerable to XSS. Using a regular expression like [a-zA-Z0-9], will allow the lower case alphabet, upper case alphabet and the numbers 0-9.

Suggested regular expression
\[break\][a-zA-Z0-9]\[/break\]

You should also apply this to your other threads:
http://community.mybb.com/thread-149604.html
http://community.mybb.com/thread-149606.html
http://community.mybb.com/thread-149607.html
Reply


Messages In This Thread
Break - by Smite - 2014-01-04, 04:44 AM
RE: Break - by JordanMussi - 2014-01-04, 10:22 AM
RE: Break - by Smite - 2014-01-04, 02:51 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)